This set of flashcards covers key terminology and concepts related to the monitoring of security controls.
Risk Assessment
A process to identify and evaluate risks to information systems.
Continuous Monitoring
The ongoing process of assessing security controls to ensure effectiveness over time.
Security Control
Measures implemented to protect information systems from threats.
Configuration Management
The process of maintaining the integrity of a system through control of its components.
Automated Tools
Technology used for near real-time risk management in security monitoring.
Security Status Report
Documentation of the current effectiveness of security controls and their compliance.
Decommissioning Strategy
A plan for the removal and sanitization of information systems from service.
Plan of Action and Milestones (POA&M)
A document that outlines tasks, responsible parties, and timelines for security control implementation.
Risk Determination
The assessment of how changes affect overall risk to information systems.
Information System Owner
The individual responsible for the security and risk management of information systems.
Security Impact Analysis
Assessment of how changes to an information system affect its security state.
Authorization Decision Document
A record of the assessment and authorization of an information system’s security controls.